Our contractual commitment
The security of your data is not optional at Cogite — it's a contractual commitment enshrined in every one of our engagements. We operate according to the most demanding international standards for confidentiality, encryption and governance.
Confidentiality
Before any project begins, we sign a non-disclosure agreement (NDA) covering our entire team. Every annotator assigned to your project has personally signed an extended confidentiality commitment, and their access to data is strictly limited to the project duration.
Data encryption
- End-to-end encryption of data in transit (TLS 1.3)
- At-rest encryption on all our servers (AES-256)
- Secure transfer channels (SFTP, signed URLs, or private API depending on your preferences)
- No local copies on annotator workstations without explicit authorization
Regulatory compliance
Cogite.ai complies with the following regulations:
- GDPR (EU General Data Protection Regulation) — for our European clients
- CCPA (California Consumer Privacy Act) — for our US clients
- Cameroon Law No. 2010/012 of December 21, 2010 on cybersecurity
Access governance
We apply the principle of least privilege: each annotator only accesses the data strictly necessary for their mission. Accesses are logged, auditable and automatically revoked at project end. Project managers have extended privileges under a role-separation policy.
Business continuity
Our operational infrastructure is hosted in Europe (Cloudflare, OVHcloud) with multi-region redundancy. We maintain a documented business continuity plan, tested quarterly, guaranteeing service recovery within 4 hours in the event of a major incident.
Specific requirements
For sensitive projects (healthcare, finance, defense), we adapt our setup to your requirements: annotation in an isolated environment, dedicated team under enhanced agreement, specific annotator certification, external compliance audit. Contact us to discuss your security framework.